b'March 31, 2008\n\nGEORGE W. WRIGHT\nVICE PRESIDENT, INFORMATION TECHNOLOGY OPERATIONS\n\nSUSAN M. PLONKEY\nVICE PRESIDENT, CUSTOMER SERVICE\n\nSUBJECT: Application Controls Review of the Electronic\n         Verification System (Report Number CRR-AR-08-003)\n\nThis report presents the results of our audit of application controls over the Postal\nService\xe2\x80\x99s Electronic Verification System (eVS) (Project 07RG006IS000). The Postal\nAccountability and Enhancement Act of 2006 (the Postal Act of 2006) requires the U.S.\nPostal Service Office of Inspector General (OIG) to audit data collection systems and\nprocedures the Postal Service uses in their ratemaking process. We initiated this audit\nin response to those requirements. See Appendix A for additional information about this\naudit.\n\nConclusion\n\nThe Postal Service has made advances in strengthening application controls in the\neVS, periodically implements new rate case requirements, and improves systems\nfunctionality and controls on an incremental basis. However, we identified data input\nvalidation and sampling and reconciliation procedures the agency could strengthen to\nfurther protect mailing revenues, attract additional customers to the eVS, and preserve\ncustomer goodwill and the Postal Service brand. We will report preservation of\ncustomer goodwill and the Postal Service brand as non-monetary impacts in our\nSemiannual Report to Congress.\n\nData Input Validation\n\nIncomplete data validation rules allow mailings that do not meet criteria for destination\nentry discounts to be processed through the eVS. The Product Tracking System (PTS),\nwhich initially receives the electronic manifest file from the mailer, treats certain error\nconditions as warnings, allowing the records to be processed instead of being rejected\nfor correction and retransmission. Incorrect edit processing can lead to erroneous\npostage calculations and additional expense to deliver the mail, resulting in loss of\nrevenue. See Appendix B for additional information about data input validation issues.\n\x0cApplication Controls Review of the                                                              CRR-AR-08-003\n Electronic Verification System\n\n\nWe recommended the Vice President, Customer Service, direct the Manager, Marketing\nTechnology and Channel Management, to:\n\n1.       Reevaluate all warning messages in the Product Tracking System to determine\n         whether they impact the postage calculation.\n\n2.       Strengthen the edit rules in the Product Tracking System to enforce the\n         requirements for destination entry discounts.\n\nComprehensive Sampling Procedures\n\nThe Postal Service needs to strengthen sampling and verification procedures at mail\nreceiving facilities. Guidelines allow sampling data to be captured for a mailer at any\ntime during a 7-day period in either one or several sessions. Additionally, management\ndiscontinued sampling conducted by business mail entry personnel at destination\ndelivery units and began relying on sampling conducted by Statistical Programs\npersonnel. However, these personnel are not onsite every day at these facilities.\nFinally, there are no established procedures to address delinquent sampling.1 The\npotential for non-uniform sampling at acceptance facilities creates opportunities for\nmailers to ship mailpieces that do not qualify for destination entry discount rates. See\nAppendix B for additional information about sampling issues.\n\nWe recommended the Vice President, Customer Service, direct the Manager, Marketing\nTechnology and Channel Management, to:\n\n3.      Develop and implement formal procedures for sampling of Electronic Verification\n        System packages at all appropriate postal units, including destination delivery units.\n\n4.      Track and monitor delinquent sampling to determine the adequacy and timeliness\n        of sampling of mailings.\n\nReconciliation Procedures\n\nBusiness mailers we interviewed could not reconcile monthly billings from the Postal\nService to the electronic manifests they submit to the agency for the same period.\nExisting summaries, error reports, and postage statements did not provide sufficient\ndetail for mailers to ascertain postal billings. The inability to reconcile billing statements\ncould prevent customers from adopting the eVS for their mailing needs and impact\ncustomer goodwill and the Postal Service brand. See Appendix B for additional\ninformation about reconciliation procedures.\n\n\n\n\n1\n    When mail arrives at a scheduled entry facility but no test data is collected, the test is considered delinquent.\n\n\n                                                              2\n\x0cApplication Controls Review of the                                   CRR-AR-08-003\n Electronic Verification System\n\n\nWe recommended the Vice President, Customer Service, direct the Manager, Marketing\nTechnology and Channel Management, to:\n\n   5. Develop and implement a monthly reconciliation report that allows business\n      customers to validate postal billings.\n\nCommingling of Test and Production Transactions\n\nData transmitted by a pilot mailer during parallel testing was commingled with\nproduction data in the eVS database. The Postal Service uses data entered from hard\ncopy manifests submitted by this mailer for billing purposes and uses data transmitted\nelectronically into the database for testing purposes. The existing procedures do not\nclearly distinguish data used for parallel testing from production data. The Postal\nService did not implement a separate testing environment to support mailers during the\npilot phase. Combining test data with production data could result in billing errors and\nimpact the integrity of data used in corporate decision making. See Appendix B for\nadditional information about commingling test and production transactions.\n\nWe recommended the Vice President, Customer Service, direct the Manager, Marketing\nTechnology and Channel Management, to:\n\n   6. Delineate parallel data used for pilot testing from production data as an interim\n      solution.\n\n   7. Work with Information Technology to establish a separate test environment to\n      support pilot mailers.\n\nManagement\xe2\x80\x99s Comments\n\nManagement agreed with our findings and recommendations and will implement\ncorrective actions for recommendations 1 through 6 by September 30, 2009.\nManagement also agreed with the intent of recommendation 7, but stated they did not\nhave the resources to fully implement a separate test environment. Management also\nagreed to the non-monetary impacts identified in this audit. Management\xe2\x80\x99s comments,\nin their entirety, are included in Appendix C.\n\nEvaluation of Management\xe2\x80\x99s Comments\n\nThe OIG considers management\xe2\x80\x99s comments responsive to the recommendations in the\nreport. The OIG considers recommendations 1, 2, 3, and 5 significant, and therefore\nrequires OIG concurrence before closure. Consequently, the OIG requests written\nconfirmation when corrective actions are completed. These recommendations should\nnot be closed in the follow-up tracking system until the OIG provides written\nconfirmation the recommendations can be closed.\n\n\n                                            3\n\x0cApplication Controls Review of the                                  CRR-AR-08-003\n Electronic Verification System\n\n\nWe appreciate the cooperation and courtesies provided by your staff during the audit. If\nyou have any questions or need additional information, please contact Paul Kuennen,\nDirector, Cost, Revenue and Rates, or me at (703) 248-2100.\n\n E-Signed by Tammy Whitcomb\nERIFY authenticity with ApproveI\n\n\n\n\nTammy L. Whitcomb\nDeputy Assistant Inspector General\n for Revenue and Systems\n\nAttachments\n\n\ncc: H. Glen Walker\n    Harold E. Stark\n    Pritha N. Mehra\n    Mark A. Mittelman\n    Katherine S. Banks\n\n\n\n\n                                           4\n\x0cApplication Controls Review of the                                      CRR-AR-08-003\n Electronic Verification System\n\n                      APPENDIX A: ADDITIONAL INFORMATION\n\nBACKGROUND\n\nThe eVS, a component of the PostalOne! system, allows high-volume package mailers\nto use electronic manifest forms instead of paper documents to document and pay\npostage and special service fees. The eVS is designed to make it easy for high-volume\npackage mailers to take advantage of destination entry rates. Mailers prepare manifest\nfiles in electronic format for transmission to the Postal Service through the Internet,\nwhile mail packages are delivered at destination entry postal facilities.\n\nThe PTS, an existing system used for delivery confirmation and signature confirmation\nservices, initially receives the electronic manifest the mailer transmits. The PTS\nperforms a series of data edits based on edit rules implemented in the system. As part\nof the edit and validation process, the PTS generates a Confirmation, Error, and\nWarning file. This file contains information about valid records accepted for processing,\nrecords that do not meet all criteria but are nevertheless accepted and forwarded for\nfurther processing with a warning message, and records that are rejected for error\nconditions. The PTS validates 130 standard error and warning conditions, producing\nwarning or error messages depending on the condition of data records in the manifest\nfile. For all mail classes and categories, the PTS validates a combined total of 1,394\npotential warning and error conditions. Of this total, 572 are error conditions resulting in\nrecords being rejected for subsequent correction and resubmission. There are 822\nwarnings where the records are forwarded for further processing by the eVS system,\nalthough the records may not meet all processing criteria to qualify for destination entry\ndiscounts.\n\nThe Postal Service collects sampling data at destination mail facilities such as\ndestination bulk mail centers, destination auxiliary service facilities, destination sectional\ncenter facilities, and destination delivery units. Postal clerks at receiving facilities\nexamine sample packages to determine the accuracy of mail preparation and postage.\nThe Electronic Verification System Intelligent Mail Device User Guide, version 1.3,\ndated May 2007, gives detailed sampling procedures. According to the guide, business\nmail entry personnel at receiving facilities should randomly sample at least 100 pieces\nof eVS mail in each 7-day period for each mailer. The sampling data is uploaded in the\neVS, which compares the data against the manifest files to determine the accuracy of\npostage calculation and to identify unmanifested mail.\n\nThe eVS calculates postage payments and adjustments for unmanifested and\nmisshipped mail. The eVS also calculates adjustments for discrepancies identified\nduring sampling and produces error reports showing calculations for unmanifested and\nmisshipped mail and sampling adjustments.\n\nThe Postal Service electronically deducts postage for the mailings from mailers\xe2\x80\x99\nPostalOne! postage payment accounts. Mailers can review online statements to see\nthe results of postage samplings. Mailers can also monitor the quality of their mail, take\n\n                                              5\n\x0cApplication Controls Review of the                                   CRR-AR-08-003\n Electronic Verification System\n\npreventive measures to ensure discrepancies do not recur, and avoid future postage\nadjustments.\n\nCurrently, nine customers use the production system and one customer uses the\nsystem as a pilot. In fiscal year (FY) 2007, these mailers delivered 84 million mailpieces\ntotaling $112 million in revenue.\n\nOBJECTIVE, SCOPE, AND METHODOLOGY\n\nOur objective was to evaluate the effectiveness of application controls over the eVS. To\naccomplish our objective, we reviewed system documentation and architecture and\ninterviewed the portfolio manager and system owner. We studied the data file structure\nof the electronic manifest file, assessed the transaction flows within the system, and\nevaluated existing controls. We assessed processing logic for manifest processing,\nsample reconciliation, and processing of unmanifested mail. We visited a business mail\nentry unit, observed eVS mail acceptance and sampling, and interviewed personnel.\nWe conducted site visits to two eVS customers and obtained feedback and information\nabout their file preparation and quality control procedures. We analyzed edit rules\nimplemented in the system; electronic data files submitted by eVS mailers; and\nConfirmation, Error, and Warning reports produced by the system. We compared data\nrecords from input files to output produced by the eVS for the same records. For\nselected customers, we evaluated error report generation and transmission at various\nstages, error correction, and reconciliation efforts.\n\nWe conducted this performance audit from April 2007 through March 2008 in\naccordance with generally accepted government auditing standards and included tests\nof internal controls as we considered necessary under the circumstances. Those\nstandards require that we plan and perform the audit to obtain sufficient, appropriate\nevidence to provide a reasonable basis for our findings and conclusions based on our\naudit objective. We believe that the evidence obtained provides a reasonable basis for\nour findings and conclusions based on our audit objective. We discussed our\nobservations and conclusions with management officials on March 4, 2008, and\nincluded their comments where appropriate.\n\nWe used manual and automated processes to assess the reliability of\ncomputer-generated data used for our analysis and we concluded that the data were\nsufficiently reliable to support the audit objective.\n\nPRIOR AUDIT COVERAGE\n\nThe OIG issued a report titled Security Review of the Electronic Verification System\n(Report Number CRR-AR-08-002) on February 12, 2008. The report cited weaknesses\nboth in the primary external file transfer method the Postal Service uses to receive\nelectronic manifests from major mailers and in user authentication. Management\nagreed with two recommendations to strengthen file transport security and has\ninitiatives in progress, completed, or planned addressing the issue. Management did\n\n                                            6\n\x0cApplication Controls Review of the                               CRR-AR-08-003\n Electronic Verification System\n\nnot agree with two other recommendations to strengthen user authentication and stated\nthey would accept the risk associated with the existing user access controls.\n\n\n\n\n                                          7\n\x0cApplication Controls Review of the                                                       CRR-AR-08-003\n Electronic Verification System\n\n\n                                APPENDIX B: DETAILED ANALYSIS\n\nOverall Application Controls\n\nThe Postal Service has made advances in strengthening application controls in the\neVS. The Postal Service periodically implements new rate case requirements and\nimproves systems functionality and controls on an incremental basis.\n\nThe Postal Service can further strengthen input validation routines and mail acceptance\nguidance and procedures to ensure that mailings qualify for the discounts they receive.\nDevelopment of input reconciliation reports could assist mailers in transitioning to the\neVS. Finally, separating parallel test data from production data would assist in\npreserving the integrity of data used in postal ratemaking.\n\nBecause management gave implementing recent rate case requirements a higher\npriority, they could not devote resources to implementing all the required controls in a\ntimely manner. Strengthening data input validation, developing comprehensive\nsampling guidance and procedures, improving reconciliation procedures, and\nseparating parallel test data from production data could further protect mailing revenue,\nattract additional customers to the eVS, and preserve customer goodwill and the Postal\nService brand.\n\nData Input Validation\n\nIncomplete data validation rules allow mailings that do not meet criteria2 for eVS\ndestination entry rates to be processed through the eVS. The PTS, which initially\nreceives the electronic manifest file from the mailer, treats certain error conditions as\nwarnings, allowing the records to be processed instead of rejecting them for subsequent\ncorrection and retransmission. This occurs because the edit rules implemented in the\nPTS are meant for validating mail for delivery and signature confirmation purposes and\nnot for eVS destination rate validation. Best practices call for performing routine data\nverifications or edit checks as close to the point of origin as possible. Incorrect edit\nprocessing can result in erroneous postage calculations and additional expense to\ndeliver the mail, resulting in loss of revenue. Strengthening input controls could\npreserve customer goodwill and protect the Postal Service brand.\n\nWe analyzed approximately 48,000 records a major mailer submitted through the eVS\nand that found more than 3 percent of records contained warnings and were forwarded\nto the eVS for further processing.3 These warnings included invalid destination Zip\nCodes\xe2\x84\xa2, destination rate indicators that did not match entry facilities, and destination\n\n\n2\n  Publication 205, Electronic Verification System Business and Technical Guide, Appendix F, dated August 16, 2007,\ngives the requirements for preparing destination entry mail.\n3\n  During the 12 months ended November 30, 2007, this mailer submitted 6.6 million records totaling $10.6 million in\npostage.\n\n\n                                                         8\n\x0cApplication Controls Review of the                                     CRR-AR-08-003\n Electronic Verification System\n\nZip Codes outside the service area of the delivery unit. These warnings could result in\nincorrect postage as follows:\n\n   \xe2\x80\xa2   The data file format requires a valid Zip Code in the detail record of the data file.\n       The PTS validates the Zip Code with the Address Management System. If the\n       Zip Code is invalid, the PTS replaces it with zeros and generates a warning\n       message. However, without a valid Zip Code, mail processing and delivery will\n       require manual intervention by a mail processing clerk, causing an additional\n       processing expense that is not considered in destination entry discounts.\n\n   \xe2\x80\xa2   Different discount rates apply to destination facilities \xe2\x80\x93 bulk mail centers, delivery\n       units, and sectional center facilities \xe2\x80\x93 which all have different destination rate\n       indicators. In some locations, these acceptance facilities with different\n       destination rate indicators share the same Zip Code. However, the system is\n       able to validate only one acceptance facility type/destination rate indicator pairing\n       for each Zip Code. Mailings for all other facility type/destination rate pairings for\n       that Zip Code receive a warning message and the mail is processed. Since the\n       mailing is not rejected, the mailer could be claiming a larger discount than they\n       are entitled to claim.\n\n   \xe2\x80\xa2   When eVS mail packages are delivered at a mail acceptance facility which does\n       not service the destination areas, the Postal Service should charge the mailer\n       extra postage for misshipment of mailpieces. Our analysis showed that records\n       that generated this error were not assessed misshipment charges. Management\n       informed us they took action and corrected this issue in their software release on\n       December 16, 2007. However, because our testing was complete, we were\n       unable to validate this.\n\nReevaluating warning conditions to ensure that all conditions that can result in incorrect\npostage are reclassified as errors will necessitate that the mailer correct and retransmit\nthe records. This could increase the accuracy of postage paid. Updating the eVS file\nformat to include additional Zip Codes to correctly designate acceptance facilities that\nshare the same Zip Code will also help to ensure accurate postage.\n\nComprehensive Sampling Procedures\n\nBecause of inadequate sampling procedures at mail receiving facilities, not all mail\npackages had an equal probability of being selected for sampling. High-volume mailers\ndelivered mail packages on a daily basis to receiving facilities. The guidelines for\nsampling allowed the Postal Service to capture sampling data for a mailer at any time\nduring a 7-day period, either in one session or in several sessions, as long as at least\n100 pieces were included in the sample. Marketing established the threshold of at least\n100 pieces for sample size because it believed sampling 100 pieces would provide the\nnecessary coverage to determine the accuracy of eVS mailings. The procedures\nallowed receiving personnel to complete the sampling requirement for a mailer by\nexamining at least 100 mailpieces from a single delivery on a single day rather than\n\n                                              9\n\x0cApplication Controls Review of the                                    CRR-AR-08-003\n Electronic Verification System\n\nsampling mailpieces from deliveries for each day during the 7-day period. This could\nprevent the Postal Service from finding a mailer to have inconsistent mail packaging\nduring the remainder of the 7-day period. The potential for a mailer to exploit this\nsituation is high, since a mailer can track the sampling trend and plan the mailings to\ninclude packages that do not qualify for eVS destination entry rates.\n\nIn March 2005, the Postal Service discontinued sampling conducted at destination\ndelivery units by business mail entry personnel and started relying on the sampling\nconducted by Statistical Programs personnel, who sample eVS packages for\nratemaking-related estimations. However, their verifications cover only a small portion\nof eVS shipping because they sample destination delivery units only when those\nfacilities appear in their sample selection and only when the data collection personnel\nactually visit those facilities. Therefore, sampling that Statistical Programs personnel\nconduct may not provide sufficient coverage to ensure the accuracy of eVS mailings at\ndestination delivery units.\n\nAccording to the Electronic Verification System Intelligent Mail Device User Guide,\nwhen the mail arrives at a scheduled destination entry facility but no test data is\ncollected, the test is considered delinquent. According to the guide, management\nshould contact the district office when the number of delinquent tests reaches an\nunacceptable level and a national eVS coordinator should track all delinquent tests.\nHowever, established procedures do not address delinquent sampling or recording\ndelinquent tests. The eVS Program Manager told us that no one at the district office\nlevel tracked delinquent tests and management had not designated an eVS coordinator\nto track the delinquent tests on a nationwide basis.\n\nSampling eVS packages is the primary method for ensuring compliance by mailers in\npackaging their mail. Sampling procedures that uniformly cover all shipments and all\nacceptance facilities will ensure the Postal Service will be able to collect all revenues.\nManagement informed us that they are developing more detailed sampling procedures.\n\nReconciliation Procedures\n\nBusiness mailers we interviewed cannot reconcile monthly billings from the Postal\nService to the electronic manifests they submit to the agency for the same period.\nBecause implementing rate case requirements takes a higher priority, the Postal\nService did not devote sufficient resources to develop an adequate reconciliation\nsolution. Best practices require system outputs to be balanced to relevant control totals\nand transactions failing edit and validation routines should be subject to appropriate\nfollow-up until errors are corrected. However, existing summaries, error reports, and\npostage statements do not provide sufficient detail for mailers to evaluate and reconcile\npostal billings, hampering effective use of the eVS.\n\nMailers we interviewed are often unable to reconcile 1) the postage they calculate on\nmanifests for a period (for example, 1 month) to the amounts actually charged by the\nPostal Service on the same manifests and 2) total mailpieces they sent for a period to\n\n                                            10\n\x0cApplication Controls Review of the                                       CRR-AR-08-003\n Electronic Verification System\n\nthe total amount charged by the Postal Service during the same period. These mailers\nneed to reconcile this data for their own internal control purposes, such as meeting\nrequirements of the Sarbanes-Oxley Act of 2002. One mailer informed us that the\ninability to reconcile their mailing data remains as a significant deficiency in their internal\ncontrol structure. Another mailer using the eVS on a pilot basis stated they are reluctant\nto adopt eVS for all of their mailings because of their inability to reconcile their mailing\ndata to Postal Service billings.\n\nTo assist mailers in reconciling their data, the eVS provides several online reports as\nwell as the ability to download mail and billing data. However, factors such as\nadjustments and timing differences make the reconciliation process difficult. Potential\nfactors that would hinder mailers from reconciling their balances to the Postal Service\xe2\x80\x99s\ninclude:\n\n   \xe2\x80\xa2   Records the PTS rejects.\n   \xe2\x80\xa2   Records the eVS rejects.\n   \xe2\x80\xa2   Postal Service adjustments for differences identified during sampling.\n   \xe2\x80\xa2   Postal Service adjustments for misshipped items.\n   \xe2\x80\xa2   Postage Adjustment Factor the Postal Service charges.\n   \xe2\x80\xa2   End-of-month shipments the Postal Service receives but for which they have not\n       received manifests.\n   \xe2\x80\xa2   Mail and manifest received during the last days of the current month, but with\n       incomplete processing in the current month.\n   \xe2\x80\xa2   Mail and manifest received during the last days of the previous month but\n       processed and billed in the current month, including postage, sampling\n       adjustments, and adjustments for misshipped items.\n   \xe2\x80\xa2   Permit fees charged during the current month.\n\nDeveloping a reconciliation solution based on a model that takes into account all\npotential reconciling items and providing the ability for customers to run automated\nreconciliation reports could enable mailers to correctly reconcile their data. This will\npromote customer goodwill, convince more mailers to use the system, and preserve the\nPostal Service brand.\n\nCommingling of Test and Production Transactions\n\nWe determined that data a mailer transmits during parallel testing was commingled with\nproduction data in the eVS database. The Postal Service did not implement a separate\ntesting environment to support mailers during the pilot phase. The mailer using the eVS\nas a pilot sends packages through the eVS to determine its suitability for their long-term\nbusiness needs. The Postal Service uses data entered from hard copy manifests this\nmailer submits for billing purposes, while data transmitted electronically into the\ndatabase is used for testing purposes. However, the existing procedures do not clearly\ndistinguish data used for parallel testing from production data.\n\n\n\n                                              11\n\x0cApplication Controls Review of the                                 CRR-AR-08-003\n Electronic Verification System\n\nBest practices call for management to store test data separately from production data.\nCombining test data with production data could result in billing errors or impact the\nintegrity of data used in corporate decision making. Management informed us they\nhave implemented a separate test environment for internal customer acceptance testing\nand plan to implement a certification environment for business mailers. They further\nstated they would establish procedures to demarcate parallel test data sent\nelectronically into the production database from data entered from hard copy manifests\nused for billing purposes. Management has also initiated a hardware upgrade that\nwould add additional capabilities and strengthen controls over test and production data.\n\n\n\n\n                                           12\n\x0cApplication Controls Review of the                   CRR-AR-08-003\n Electronic Verification System\n\n                     APPENDIX C: MANAGEMENT\xe2\x80\x99S COMMENTS\n\n\n\n\n                                     13\n\x0cApplication Controls Review of the        CRR-AR-08-003\n Electronic Verification System\n\n\n\n\n                                     14\n\x0cApplication Controls Review of the        CRR-AR-08-003\n Electronic Verification System\n\n\n\n\n                                     15\n\x0c'